Master Degree / Yüksek Lisans Tezleri
Permanent URI for this collection: https://hdl.handle.net/11147/3008
Master Thesis
Comparison of Recovery Requirements With Investigation Requirements for Intrusion Management Systems
(Izmir Institute of Technology, 2002) Arpaçay Tapucu, Dilek; Tuğlular, Tuğkan
Computer systems resources and all data contained in the system may need to be protected against the increasing number of unauthorized access, manipulation and malicious intrusions. This thesis is concerned with intrusion management systems and especially with their investigation and recovery subsystems. The goals of these systems are to investigate intrusion attempts and recover from intrusions as fast as possible. In order to achieve these goals, the fact that some of the intrusion attempts will eventually be successful should be accepted and necessary precautions should be taken. After an intrusion has taken place, the focus should be on the assessment: looking at what damage has occurred, how it happened, and what changes can be made to prevent such attacks in the future. In this thesis, requirements of the investigation and recovery processes are determined and related guidelines developed. The similarities and differences between these guidelines are explained.

Master Thesis
Development of a Quality Assurance Prototype for Intrusion Detection Systems
(Izmir Institute of Technology, 2002) Yüksel, Ulaş; Tuğlular, Tuğkan
Quality assurance is an essential activity for any business interacting with consumers. There are a considerable number of projects going on to develop intrusion detection systems (IDSs). However, efforts to establish standards and practices to ensure the quality of such systems are comparatively less significant. The quality assurance activities for IDSs should ensure the conformance of explicitly stated functional and performance requirements as well as implicit characteristics that are expected from information security tools. This dissertation establishes guidelines to review, evaluate and possibly to develop an IDS. To establish guidelines, generic IDS and software requirements, software quality factors and design principles that are available in the related literature are used, and these requirements are presented both on the developed generic IDS model and in Common Criteria Protection Profile format. First, the guidelines are developed, then they are implemented on a specific IDS product evaluation.

Master Thesis
Defining a Sample Template for Governmental Procurements of Cryptographic Products
(Izmir Institute of Technology, 2006) Taş, Levent; Koltuksuz, Ahmet Hasan
It is a well-known truth that nobody can easily find a law, act, directive, code or publicly available technical specification which describes cryptographic-based security systems and/or cryptographic modules in Turkey. Besides that, from the international aspect, the only government-released standards are found in the "Federal Information Standards Publication (FIPS) 140-2", published by the United States "National Institute of Standards and Technology (NIST)" on May 25th, 2001 (which became the international standard after the Final Committee Document was accepted as "ISO/IEC 19790:2006" on March 9th, 2006), which specifies the security requirements that should be satisfied by a cryptographic module. Since the protection of sensitive and valuable (sometimes life-critical) data transferred via critical governmental cryptographic systems is very important and requires high confidentiality, the need for defining a sample template technical specification of those cryptographic systems is correspondingly high. The sample template specification drawn up in this study aims to be a starting point or initiative for preparing a cryptographic module specification in governmental procurements.

Master Thesis
Development of a Static Analysis Tool To Find Security Vulnerabilities in Java Applications
(Izmir Institute of Technology, 2010) Topuz, Bertan; Tuğlular, Tuğkan
The scope of this thesis is to enhance a static analysis tool in order to find security limitations in Java applications. This will contribute to the removal of some of the existing limitations related to the lack of Java source code. The generally used tools for static analysis are FindBugs, Jlint, PMD, ESC/Java2 and Checkstyle. In this study, the aim is to utilize the PMD static analysis tool, which has already been developed to find the following defects: possible bugs (empty try/catch/finally/switch statements), dead code (unused local variables, parameters and private methods), suboptimal code (wasteful String/StringBuffer usage), overcomplicated expressions (unnecessary if statements, for loops that could be while loops), and duplicate code (copied/pasted code means copied/pasted bugs). On the other hand, the faults "possible unexpected exception", "length may be less than zero", "division by zero", "stream not closed on all paths" and "should be a static inner class" were not implemented by the PMD static analysis tool. PMD performs syntactic checks and dataflow analysis on program source code. In addition to some detection of clearly erroneous code, many of the "bugs" PMD looks for are stylistic conventions whose violation might be suspicious under some circumstances. For example, having a try statement with an empty catch block might indicate that the caught error is incorrectly discarded. Because PMD includes many detectors for bugs that depend on programming style, PMD includes support for selecting which detectors or groups of detectors should be run. While PMD's main structure was conserved, boundary overflow vulnerability rules have been implemented in PMD.
